|
||||||||||
Hi Manuel, is it possible to release soon a m0n0 Beta 1.2b5.1 ??? ;) Only with this fix ? Thanks, Sascha -----Ursprüngliche Nachricht----- Von: Manuel Kasper [mailto:mk at neon1 dot net] Gesendet: Freitag, 25. Februar 2005 22:16 An: Chris Buechler Cc: m0n0wall at lists dot m0n0 dot ch Betreff: Re: [m0n0wall] Beta 1.2b5 On 22.02.2005 20:46 -0500, Chris Buechler wrote: > On Wed, 23 Feb 2005 01:56:24 +0100, Dennis Karlsson > <dennis at denniskarlsson dot com> wrote: >> >> I can't get beta5 to work with incoming connections while the >> Traffic Shaper is enabled. >> > > Two verified cases of inbound NAT no longer working after upgrade > with traffic shaping enabled here, WRAP and 45xx images. It > immediately works again after disabling traffic shaper. OK, I've investigated the problem and found the cause. It's already been described in a FreeBSD PR: <http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/76539> Only in m0n0wall the situation is reversed (the problem happens on the input side rather than the output side) because I've modified the processing order of ipfw and ipfilter such that the following is true: outbound packets: ipfw -> ipfilter inbound packets: ipfilter -> ipfw This is so that you can write traffic shaper rules with internal source IPs for outbound packets on WAN (rather than after NAT, where you'd just see m0n0wall's WAN IP address as the source). Anyway - the fix described in that PR works similarly for ip_input.c, and it'll be in the next beta release. Thanks everybody for reporting this issue! - Manuel --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |